[Patch 3/2 v2] semodule: maintain old functionality

Christopher Pardy <cpardy@xxxxxxxxxx> · Mon, 06 Jul 2009 14:01:01 -0400

Patch for semodule command
semodule -B
Will now turn on dontaudit rules
semodule -DB
Will turn off dontaudit rules.
With other patch all other semanage commands will maintain state.
 
Created by Dan Walsh
 
Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx>

---
 policycoreutils/semodule/semodule.c |    3 +++
 1 file changed, 3 insertions(+)

diff -urpN selinux.orig3/policycoreutils/semodule/semodule.c selinux/policycoreutils/semodule/semodule.c

--- selinux.orig3/policycoreutils/semodule/semodule.c	2009-07-06 13:26:25.802165404 -0400
+++ selinux/policycoreutils/semodule/semodule.c	2009-07-06 13:58:22.572415382 -0400
@@ -421,6 +421,9 @@ int main(int argc, char *argv[])
 			semanage_set_rebuild(sh, 1);
 		if (disable_dontaudit)
 			semanage_set_disable_dontaudit(sh, 1);
+		else if(build)
+			semanage_set_disable_dontaudit(sh,0);
+
 		result = semanage_commit(sh);
 	}
 
diff -urpN selinux.orig3/policycoreutils/semodule/semodule.c selinux/policycoreutils/semodule/semodule.c
--- selinux.orig3/policycoreutils/semodule/semodule.c	2009-07-06 13:26:25.802165404 -0400
+++ selinux/policycoreutils/semodule/semodule.c	2009-07-06 13:58:22.572415382 -0400
@@ -421,6 +421,9 @@ int main(int argc, char *argv[])
 			semanage_set_rebuild(sh, 1);
 		if (disable_dontaudit)
 			semanage_set_disable_dontaudit(sh, 1);
+		else if(build)
+			semanage_set_disable_dontaudit(sh,0);
+
 		result = semanage_commit(sh);
 	}
 




